Idea#1733

This idea is active.

A New Approach to Emergency Operations Plan Partnerships

The Creation of National (Cloud-Based) Emergency Operations Plan (EOP) Repositories & Databases to Enhance Collaboration Opportunities, and More.

FULL ARTICLE IS POSTED HERE:

http://uscsrh.ideascale.com/a/dtd/A-New-Approach-to-Emergency-Operations-Plan-Partnerships/72166-29117

-

TECHNOLOGY AND METHODS:

One possibility is the use of a secure Microsoft OneDrive Cloud service paired in combination with OneNote software. Specific method:

=>STEP#1: The private sector business will place their finished EOP within OneNote and synchronize it to their secure OneDrive Cloud within a labeled and dated EOP Folder.

=>STEP#2: This private sector business will then “Share” their “EOP Folder” (located on their OneDrive Cloud) with their Local Emergency Stakeholders.

=>STEP#3: The Local Police Department (in example as a member of the local emergency stakeholders and LEPC) could maintain a OneDrive Cloud service (or similar service) for the purpose of collecting all EOP’s that the Private Sector Businesses share.

=>STEP#4: All police departments in a given State will collect all (Local) private sector EOP’s and “share” (all of these collected EOP’s) with the State (as a large single synchronized combined secure Statewide OneDrive Cloud repository) or similar technology.

=>STEP#5: Each State will then periodically “Share” all collected EOP’s with a National Repository (a very large single National secure cloud storage site).

=>STEP#6: Additional repositories and databases may then be derived from the stored EOP’s at the discretion of a given Government Agency.

-

ADDED VALUE: (SEE COMMENTS)

Submitted by 2 months ago

Comments (8)

  1. Aaron Littlefield Idea Submitter

    FOR THOSE WHO ARE INTERESTED HERE ARE UPDATES AND THE BULK OF THE ARTICLE WITH ADDED VALUE AND MORE BELOW

    -

    SUBJECT:

    This idea briefly depicts the methods and benefits of (National implementation/deployment) of technologies that will provide secure cloud-based repositories and databases containing all private sector business’s Emergency Operations Plans (EOP), with search, share, and collaboration capabilities.

    -

    OBJECTIVES AND GOALS:

    This idea provides a recommendation and a simplified overview of an excellent collaboration technology that I currently employ within my business (ATL Prevention Research L.L.C.) and with my business partners or clients. This information has been repurposed to share within this community, with relevant Government stakeholders, and the entire U.S. business community. The goals of sharing this information are to present new approaches that will enhance National Safety, Preparedness, and Resilience, through mechanisms that will provide broader digital access and distribution of EOP’s, as well as facilitate awareness, continuity, collaboration, and partnerships.

    -

    INTRODUCTION:

    In the spirit of modern “Open Source” activities of the U.S. Government, I believe (private sector) Emergency Operations Plan cloud-based repositories & databases should be created on the National level to promote stakeholder revisions, optimization and maintenance of their EOP’s, as well as, enhance a given business’s coordination and collaboration with Local, State, and National Partners. Enhanced continuity and safety at all levels will be achieved ultimately by augmenting and streamlining private sector planning and communication of their EOP’s to their Stakeholders, and with their Peers. Preparedness and national resilience will be enhanced overall through collaboration with local Emergency Professionals, First Responders and with other groups who will consult with the Business Threat Assessment Team, engage in training and drills, and thereby assist with brainstorming, readiness, and further optimization of their EOP annually. In theory, this additional level of collaboration will also augment National uniformity, functionality, communications, and should positively impact the emergency procedures that are “Jointly” executed by Task Forces in multi-state emergency scenarios (i.e. complex operations such as floods, fires, and earthquakes, that necessitate the use of highly optimized plans that enhance the chances of saving lives and property during disasters or dangerous events or incidents).

    -

    TECHNOLOGY AND METHODS:

    One possibility is the use of a secure Microsoft OneDrive Cloud service paired in combination with Microsoft OneNote software. Specific method:

    =>STEP#1: (SINGLE BUSINESS) The private sector business will place their finished EOP within OneNote and synchronize it to their secure OneDrive Cloud storage within a labeled and dated EOP Folder.

    =>STEP#2: (BUSINESS LEVEL DISSEMINATION) This private sector business will then “Share” their “EOP Folder” (located on their OneDrive Cloud service) with their Local Emergency Stakeholders and keep it updated and synchronized.

    =>STEP#3: (LOCAL REPOSITORY AND OBLIGATE DISSEMINATION) The Local Police Department (as an example member of the local emergency stakeholders and LEPC) could maintain a OneDrive Cloud service (or similar internet-based digital storage) for the purpose of collecting all EOP’s that the Private Sector Businesses “Share” with them, (OneDrive will automatically periodically synchronize all updates to everyone who the Private Sector Business desires to include as a recipient of their EOP).

    =>STEP#4: (POLICE REPOSITORY AND OBLIGATE DISSEMINATION) All police departments in a given State will collect all (Local) private sector EOP’s and “share” (all of these collected EOP’s) within their State and (consolidating them into a single large combined Statewide OneDrive Cloud repository) or similar online storage technology. Again, this is an automatic synchronization function of OneDrive to the recipient State data storage unit.

    =>STEP#5: (STATE REPOSITORY AND OBLIGATE DISSEMINATION) Each State will then “Share” all collected EOP’s with a National Repository (a very large single National secure cloud storage site). This is the final recipient that OneDrive “points to,” and will automatically periodically synchronize updated EOP’s to the National EOP Repository.

    =>STEP#6: (NATIONAL REPOSITORY AND DATABASES) Optional/additional National repositories and databases may then be derived from the National digitally-stored EOP’s at the discretion of a given Government Agency.

    => ADDITIONALLY: (PEER COLLABORATION) Local businesses could also (optionally) collaborate with other businesses by “sharing” a redacted or generic version of their EOP (with equivalent or relative businesses), or with professional consultants, and team members as they wish.

    *NOTE: The reason for choosing Microsoft is related to recent precipitating events, including their 2014 advancements in Security, Encryption, and the “Microsoft Transparency Centers” (e.g. OneDrive is now Perfect Forward Secrecy encryption enabled when accessing it through your account at onedrive.live.com).

    -

    SIMPLE USAGE EXAMPLES OF THIS PROPOSED TECHNOLOGY:

    =>EXAMPLE-1: A member of an organization desires to partner with a given business. The business can Share their OneDrive EOP folder with them, and provide the venue to remotely participate in annual EOP updates and optimization activities with them.

    =>EXAMPLE-2: A Church creates a very comprehensive and excellent EOP and decides to share it with (i.e. 3 other local Churches) via OneDrive secure cloud service. In this example, OneDrive will provide a location for the EOP source file (that will be synchronized to everyone as changes are made to the EOP) and OneNote will additionally provide a software interface for remote editing and critiquing of the EOP in “real-time.” The OneDrive-OneNote combination will provide a venue for collaboration among stakeholders or members of the (example 3 local churches) or anyone else who has been given permission and “Share” privileges.

    =>EXAMPLE-3: If the same Church as above shares their EOP with the local Fire Department who discovers a miscalculation or abnormality in the EOP, they can respond, and the Church may then receive Fire Dept. recommendations in “Real-time,” and quickly revise their EOP to the satisfaction of everyone.

    -

    ADDED VALUE TO BUSINESSES, NATIONAL SECURITY, RESILIENCE, AND MORE:

    1. This will allow partners, local and State Emergency Managers, and the U.S. Government to evaluate the current status and content of a given EOP, identify, analyze and correct weaknesses, as well as leverage intelligence for Command and Control of Emergencies related to our Critical Infrastructure Partners. Critical businesses would be targeted for high priority EOP adjustments (as the need arises).

    2. I believe this will “streamline” a path for the creation of “EOP Gold Standards” and potentially ISO minimum standardization or other Semi-Standardization of some high priority EOP’s.

    3. EOP Repository or Database research could be conducted related to the percentage of organizations that have a basic EOP as a ratio to the State record of total statewide businesses or versus the type of Business. This technology could evolve a tracking feature, or may become a useful metric and be analyzed to gauge State Business Preparedness “Planning” and conformity with various standards or recommendations.

    4. An EOP repository creates a redundancy protection: in the event a business is destroyed, this record will be in the cloud and retrievable.

    5. The EOP folder could additionally perhaps contain a list of employees for search and rescue (e.g. in the event that an earthquake causes building collapse).

    6. EOP’s in the cloud will enhance National uniformity, organization, and (collaboration as in the above example).

    7. EOP Retrospective research for errors may pinpoint why a given failure occurred, and aid investigations, as well as, lend to future recommendations and revisions.

    8. Analytics may be developed, and retrospective studies or other evaluations may be conducted over time to gauge National resilience improvements.

    9. It is implied that businesses with better (and more refined) EOP’s, (who share them with their local Emergency Managers), are augmenting their resilience by enacting functional emergency protocols that are coordinated with first responders, and include plans that protect property, protect their personnel, and protect public bystanders who may be within their facility when disaster/danger strikes (e.g. within a stadium).

    -

    KNOWN IMPLEMENTATIONS:

    Briefly stated, these technologies are currently widely used for various other purposes. I use these technologies within my business and with partners for various projects, and for collaboration (and I recommend them, they work great). All Hospitals are required to create “All-Hazard” EOP’s, therefore, they would be immediately ready to deploy pilot collaboration trials using said technologies, repositories and databases. Non-public Government databases likely have some degree of this capability already, but it would be unwise to integrate (government databases) with the private sector EOP data or documents, and that is not the purpose of this discussion.

    -

    INCENTIVIZATION:

    1. EOP review in the cloud could certainly enhance safety and may constitute an insurance company rate deduction.

    2. Government safety incentives are possible but speculative at this point and beyond the scope of this discussion.

    -

    CONCESSION:

    I concede that there are additional agreements that may need to be worked out in the event that this new approach evolves into broad and significant partnership capabilities. I further acknowledge that law-makers (through policies) could leverage this technology's structure-function set as a means to close legislative loop-holes, and integrate it into existing planning frameworks (with many added benefits that are not included within this discussion). I also mention here that there are other technology options available that could be used to create a similar condition and digital environment (e.g. Access, Exchange, SharePoint, Cisco, or Red Hat products). These products were not discussed herein because they may require advanced training, and additional annual costs or fees.

    -

    OTHER EXAMPLE BARRIERS:

    1. It is implied that individuals who utilize this excellent technology have a very basic understanding of modern computing, and can edit a document, maintain a schedule, and systematically execute basic computer tasks.

    2. The deployment of this technology is very easy and fast (it took me 45 minutes to install the software, create the associated Microsoft account, point a OneNote folder to my OneDrive, create a synchronization schedule, and Share it with my other remote devices and partners). BUT, the private sector adoption and implementation process could be slow because it would be voluntary. It is implied that if policy or CFR mandates were created, this process would be rapidly expedited.

    3. Verification and assurances from Microsoft (at minimum) must assert that a OneDrive Cloud service will maintain these example agreements:

    => Minimum privacy agreement for the user and their content/data stored on the OneDrive cloud service.

    => A statement of the continuous security and access level standards that will be maintained.

    => An agreement of continuous “Information Assurance” of data at rest and in transit with security monitoring as well as scheduled intrusion tests, and updates or patches.

    => An agreed upon cloud service up-time of e.g. 99.9% availability.

    => (Optional) arrangements might include platform integration customizations as per customer/businesses requirements (e.g. Linux and enterprise systems).

    -

    EXAMPLE EOP PARTNER ACCESS AND OTHER AGREEMENTS:

    => Local, State and National Government Stakeholders would be automatically (granted or designated or authorized) to have access to ALL (or most) private sector EOP’s available on the OneDrive cloud service.

    => Search capabilities and the use of standard metadata fields, would be implemented generally by the appropriate agencies and authorities, as this technology option evolves, and as the need arises.

    => Additional business partnerships and sharing would be at the discretion of the business on a case-by-case basis, and would be separate from the Local, State, and National EOP repositories.

    => EOP partner vetting would generally be the responsibility of the Business.

    => In the instance that a given business requires additional Operational Security (e.g. relative to the degree of impact the Business has on National critical infrastructure or security), then these circumstances may be dealt with by professionals (and is beyond the scope of this discussion) or they may opt out.

    -

    EXAMPLE PRIVATE SECTOR EOP CATEGORIZATION, CODING AND LABELING:

    => EOP standardized terminology has implied continuity benefits for all stakeholders.

    => Private sector business EOP’s, (located in folders on OneDrive clouds), may be labeled with standardized names and be tagged, or contain other metadata useful for business categorization including NAICS codes and terminology, (especially for professional businesses).

    => Additionally, generic labels could be used for common business search engine filter criteria including: (e.g. Hospitals, Prisons, Schools, Places of Worship, Telephone and Cell phone services, Electrical Companies, Gas and Fuel, Water & Sewage or Waste Removal, Stadiums, Shelters, Road crews, Construction Contractors) etc.

    -

    FUTURE PROGRAM EXPANSION:

    Cyber is “the future,” therefore, in the future, (accountability may become implied) and the expansion of this program could include website cyber-security accountability, whereby website owner EOP’s and procedures are created and (maintained on OneDrive secure cloud services) together with their “Compact Privacy Policy” and would contain provisions to ensure that their users are safe from (e.g. Privacy Violations, Identity Theft, Malware propagation, Foreign and Domestic adversarial exploitation activities or intrusions, and other data or copyright violations).

    -

    FINAL IMPRESSIONS:

    This information release was a segment from other research reports I composed on this subject, for the purpose of enhancing National opportunities, capabilities, and partnerships, (repurposed for this thread), and is not all inclusive. This technology option has demonstrated added value for myself and my business, and I believe it can yield significant opportunities and enhancements for all levels of National Security constituents, as well as, those who desire to optimize their EOP’s, collaborate, and participate in a new and more contemporary approach to Emergency Operations Plan partnerships.

    -

    TAKE-HOME KEY CONCEPTS AND NEXT STEPS:

    The OneDrive-OneNote combination will facilitate collaboration and partnerships through cloud storage access to EOP’s for purposes such as enhancing National government emergency information sharing and relationships with all States and Local private sector businesses. Additionally, it will provide for peer review capabilities, research opportunities, analysis for EOP optimization, and remote maintenance of EOP documentation. If this new technology approach to EOP partnerships were considered on a national level, the initial steps may include:

    => Mapping this option to National Emergency Planning Frameworks to ensure continuity and compliance with current technologies, as well as, conducting deconfliction due diligence.

    => Also, prioritize Critical Infrastructure Partner integration, (e.g. the highest priority providers and businesses are evaluated first).

    => Simultaneously, I would recommend law-makers explore how this option could close National Security policy Loop-holes, and the potential for stakeholder accountability. No accountability is the baseline starting point.

    => Businesses that require a more advanced interface or platform customizations, or Operational Security arrangements may be given notice of foreseeable Information Assurance requirements or concerns and be given alternative options so that they may still participate, and begin planning their deployment strategy and considering their case-specific partnerships, and collaboration options as soon as possible.

    -

    OFFICIAL MICROSOFT ONEDRIVE WEBSITE:

    https://onedrive.live.com/about/en-us/

    -

    OFFICIAL MICROSOFT ONENOTE WEBSITE:

    http://www.onenote.com/

    -

    * REFERENCED MICROSOFT ONEDRIVE 2014 SECURITY INFORMATION:

    http://blogs.microsoft.com/on-the-issues/2014/07/01/advancing-our-encryption-and-transparency-efforts/

    2 months ago
  2. I love the idea ... not the medium.

    Microsoft has all sorts of licensing requirements and "stuff" that is not "open source". If we keep it generic (not "Windows-only") then everyone can have access.

    Whatever we do, I believe it needs to be friendly and usable by Windows users, LINUX users, Apple users, etc. without specific requirements like Microsoft's "One account login" requirement.

    2 months ago
  3. I agree that one should not use a vendor specific tool if possible. Many people might want to access this information via smartphone and the majority of those are iOS and Android, which are not Microsoft friendly.

    2 months ago
    1. Aaron Littlefield Idea Submitter

      Thank you for your feedback “whiteheadm,”

      I recently checked the status of Android and other platform usage capabilities for OneDrive cloud service…Good news, OneDrive is supported in Apple products (both OS X & iOS) also OneDrive is supported in Android Operating System as well (as of Feb. 19, 2014). Here are the official internet locations for the software you can use to access your EOP on the OneDrive cloud service from other Operating Systems below:

      -

      The official OneDrive App for iOS is here:

      https://itunes.apple.com/gb/app/onedrive-formerly-skydrive/id477537958?mt=8

      -

      The official OneDrive App for Apple OS X is here:

      https://itunes.apple.com/us/app/onedrive/id823766827?mt=12

      -

      The official OneDrive App for Android is here:

      https://play.google.com/store/apps/details?id=com.microsoft.skydrive

      -

      Here is an announcement of OneDrive availability on mobile devices:

      https://blog.onedrive.com/onedrive-is-now-available-worldwide/

      -

      As per the goal of not using vendor-specific tools, I understand the logic and have conducted my own trial software experiments, but this post was intended for all businesses (who may not have the ability to use “other tools” e.g. SSL usage, manually updating security certificates, tunneling, creating their own cloud service with remote access and management of server and storage hardware or a NAS device, Information Assurance at rest and transit with endpoint protection etc). Additional considerations might include that Vendors have funding capabilities that drive development processes to new levels. They subsequently earn a reputation for quality and integrity that in turn imparts on to them authority and trust in their products. They can also afford to contract-out intrusion and penetration testing and hire the best Technology experts to ensure their products are free from vulnerabilities and conflicts. They may also have an associated Holdings Corporation that will pay you an arbitrated settlement in the event that their product damages your company. I would be interested to hear about alternative software recommendations that are inexpensive to procure and maintain, secure, easy to set-up, easy to use, and contain automated sync functions across all devices and to all “Shared user accounts” as well…

      -

      This topic is also discussed at FEMA National Preparedness Community here:

      http://www.community.fema.gov/connect.ti/readynpm/messageshowthread?threadid=48142

      2 months ago
  4. Aaron Littlefield Idea Submitter

    Hi Richard, excellent feedback, thank you! ...I understand what you mean about generic, and the need for universal API's...I think a lot of client-software will probably still have to have custom built-in security per platform in the future though due to all of the Cyber-Security issues in the world today (see US-CERT weekly vulnerabilities lists-it is hard to keep up)...I'm an avid open source software & Linux user too...I picked the Microsoft combo because I use them daily, and they're so darn easy to use, and secure...OneNote & OneDrive are available at the apple/iphone app store, but definitely not for Linux (I also looked for Wine OneDrive client but no dice)...I have some custom Virtual Appliances for VMware and portable Virtualbox that provide similar functions and will run in a 500MB memory allocation, but the user would have to know more about technology to implement/deploy them in conjunction with their tunneling software and their own cloud or NAS service…One problem I foresee with Open Source software (in general) is that as soon as it works really great, (and the public begin using it regularly, no bugs, stable, & high version) a big company will usually buy it, merge it into their range of products and start charging money…Also, I carefully read the compact privacy and use policies that can definitely complicate product usage these days!

    2 months ago
  5. Established pursuant to the Critical Infrastructure Information (CII) Act of 2002, the PCII Program is an information-protection tool that enables members of the private sector to submit proprietary, confidential, or sensitive infrastructure information to DHS with the assurance that the information will be protected from public disclosure. Under the PCII Program, information that satisfies the requirements of the CII Act of 2002 is protected from public disclosure under the Freedom of Information Act (FOIA), State and local disclosure laws, and use in civil litigation. DHS and other Federal, State, and local analysts use PCII in pursuit of a more secure homeland, focusing primarily on analyzing and securing critical infrastructure and protected systems, identifying vulnerabilities and developing risk assessments, and enhancing recovery preparedness measures.

    2 months ago
    1. Aaron Littlefield Idea Submitter

      Thank you for your wisdom on this subject Mr. Cyran, I downloaded your suggested reading at NPC and will review it soon. I understand what you mean about cellular instability. The links to cell phone clients (useful to access the OneDrive cloud) were posted purely to satisfy the requests of other NPC & FEMA IdeaScale users. I will post other expanded information related to your comments and on this subject soon, and will look forward to your insights as well.

      2 months ago
  6. NIPP methods, procedures, and doctrines, as well as NIMS, are suggestive of all stakeholders' participation in the planning procedure rather than stakeholders dialing up a separate EOP on the cloud which may not be coordinated with other stakeholder plans.

    Preparedness, by itself, is not solely reliant on an EOP. NIMS defines the preparedness cycle as “planning, training, equipping, exercising, evaluating, and taking action to correct and mitigate.” While EOPs are preparedness documents, they are meant to be read, understood, and exercised prior to an incident rather than be dialed up on the internet at times of doubt or confusion. Exercises play an important role in this broad preparedness cycle. Plans, training, and equipment, and the capabilities they represent, are validated through exercises. Exercise evaluation informs preparedness priorities by highlighting potential preparedness shortfalls in the areas of planning, organization, training, and equipment prior to real-world incidents. All stakeholders should be at the planning table and be inclusive in training and exercises to the extent of planning, training, equipping, exercising, certification, qualification, and NIMS credentialing.

    Continuity planning is simply the good business practice of ensuring the execution of essential functions through all circumstances, and it is a fundamental responsibility of public institutions and private entities responsible to their stakeholders. The National Continuity Policy recognizes that an organization’s resiliency is directly related to its continuity capability. Because major events can exceed the normal operating capacity of any single jurisdiction, a collaborative, national approach should be used to plan and prepare for major events. Internet, as well as cell-phone, resources may not be in service during disasters, emergencies, nor average times. The ability of an organization to continue to perform its essential functions should not have sole reliance on land-line, cellphone, nor internet service.

    All parties identified in the planning process used in a jurisdiction’s emergency operations plan need to have agreements in place to ensure that the elements within plans and procedures will be in effect at the time of an incident. The agreements should specify all of the communications systems and platforms through which the parties agree to use or share information.

    1 month ago
